I use BPS on practically all my websites that use Apache (BPS doesn't work under nginx), mostly as a preventive measure: none of them was ever hacked. But there is always a first time, and, to avoid that "first time", I make sure that BPS does it job. So far, so good!

BPS is a little tricky to configure. It has many options and requires several steps to complete the initial installation; after each upgrade, it requires a manual "reset" (easy to do) to make sure that all files are properly in place. It's also a bit tricky to make sure that it plays nicely with other plugins which might reconfigure .htaccess (like most cacheing plugins). Its interface departs completely from the usual WordPress UI standards and looks a bit anachronistic. Those are the only reasons for giving it just 4 out of 5 stars; at the core, what it does — protecting your website from intrusion — it does beautifully, and without any loss of performance.

As WordPress increases in popularity, and in spite of its already many built-in security features, hackers become increasingly more persistent in finding ways through WordPress's standard security. BPS is a welcome addition that will keep hackers away, as long as it is properly installed and maintained.

After upgrading it blew away my .htaccess file in my public_html folder. In my case I would have preferred to have done an uninstall then a fresh install.

"50,000 customers can't be wrong!" It just didn't work for us.

Tech support was good, though. Except support incorrectly told me my site's been down for a week (it wasn't, he was looking at a corrupt Google cache file), and a moderator challenged me on the fact that my install failed.

Based on a previous version's log file, our site is getting hammered with all sorts of bad guys. So I guess it's doing its job.

I'm a bit of a novice though so I guess everyone including me was having a bad day.

I've been using BulletProof Security on a few Werdpress sites for a while now and haven't had ANY issues with it, once its been setup. I found getting it properly setup and working with some other WordPress plugins was a bit cumbersome. However, once I got all that worked out, it's been very unobtrusive. One addition I would like to see is some way of logging security violation attempts or attacks. This way, users of this plugin would have some kind of sense it's actually doing what we want it to do. :)

Other than that, I think it's a "must have" plugin for EVERY WordPress installation!